BSOD comes quick, reboots before I can PrintSCRN; DM log .zip attached


  1. Posts : 3
    Windows x64
       #1

    BSOD comes quick, reboots before I can PrintSCRN; DM log .zip attached


    Hello everyone~

    This is a BSOD that shows up and within 2 or 3 sec's the computer reboots so I barely have time to hit the print screen button. The pc doesn't lock up, it just reboots and back to the desktop we go...

    My first approach was to check for viruses, trojans, etc.
    Did ChkDisk.
    All of those maintenance sort of things you'd think of-I think I've done them all.

    Did a memory test by typing "memory" in the START box; it ran and I thought I was going to get a report but nothing showed up... Was I supposed to look for it somewhere?

    I did follow along and ran the DM_log prog as instructed here; I'm attaching the .zip file.

    Thank you for any help you can provide. If this is just a simple Windows "oddity" then fine, but if there's a problem I don't want to wait until the system crashes to deal with it.

    Other information related to my system should be in my profile..

    Thanks again....
      My Computer


  2. Posts : 646
    NT4
       #2

    Your one dump shows a network related crash originating from Malwarebytes, this would generally point to some sort of infection, so a very deep scan for malware and viruses would be in order, malwarebytes could be compromised so I wouldn't trust the results from that atm.

    Driver Reference Table - fwpkclnt.sys
    Driver Reference Table - mwac.sys


    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    Use !analyze -v to get detailed debugging information.
    BugCheck 19, {20, fffffa80095dae70, fffffa80095dae90, 4020005}
    *** WARNING: Unable to verify timestamp for mwac.sys
    *** ERROR: Module load completed but symbols could not be loaded for mwac.sys
    Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a )
    Followup: MachineOwner
    ---------
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 0000000000000020, a pool block header size is corrupt.
    Arg2: fffffa80095dae70, The pool entry we were looking for within the page.
    Arg3: fffffa80095dae90, The next pool entry.
    Arg4: 0000000004020005, (reserved)
    Debugging Details:
    ------------------
     
    BUGCHECK_STR:  0x19_20
    POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310a100
    GetUlongFromAddress: unable to read from fffff8000310a1c0
     fffffa80095dae70 Nonpaged pool
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    PROCESS_NAME:  mbamservice.ex
    CURRENT_IRQL:  2
    ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
    LAST_CONTROL_TRANSFER:  from fffff80003003cbe to fffff80002ecd8c0
    STACK_TEXT:  
    fffff880`06eb62e8 fffff800`03003cbe : 00000000`00000019 00000000`00000020 fffffa80`095dae70 fffffa80`095dae90 : nt!KeBugCheckEx
    fffff880`06eb62f0 fffff880`01727d2d : 00000000`00000008 00000000`00000010 00000000`676e7049 fffffa80`0889314c : nt!ExAllocatePoolWithTag+0x1a2a
    fffff880`06eb63a0 fffff880`0140a066 : 00000000`00000000 fffff880`014060c3 00000000`00000000 fffffa80`068c7a90 : tcpip!IppInspectBuildHeaders+0x65d
    fffff880`06eb6680 fffff880`0671c12d : 00000000`00000008 00000000`00000014 00000000`00000000 fffffa80`0b83c010 : fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+0x20a
    fffff880`06eb6720 00000000`00000008 : 00000000`00000014 00000000`00000000 fffffa80`0b83c010 fffffa80`0b83c024 : mwac+0x612d
    fffff880`06eb6728 00000000`00000014 : 00000000`00000000 fffffa80`0b83c010 fffffa80`0b83c024 fffffa80`00000011 : 0x8
    fffff880`06eb6730 00000000`00000000 : fffffa80`0b83c010 fffffa80`0b83c024 fffffa80`00000011 00000000`00000000 : 0x14
     
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
    fffff880`0140a066 85c0            test    eax,eax
    SYMBOL_STACK_INDEX:  3
    SYMBOL_NAME:  fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: fwpkclnt
    IMAGE_NAME:  fwpkclnt.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  533f5b09
    IMAGE_VERSION:  6.1.7601.18438
    FAILURE_BUCKET_ID:  X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
    BUCKET_ID:  X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a
    ANALYSIS_SOURCE:  KM
    FAILURE_ID_HASH_STRING:  km:x64_0x19_20_fwpkclnt!fwpsconstructipheaderfortransportpacket0+20a
    FAILURE_ID_HASH:  {863e217f-0693-d7a3-6d21-a4c5a3f57698}
    Followup: MachineOwner
    ---------
      My Computer


  3. Posts : 3
    Windows x64
    Thread Starter
       #3

    Re:


    Thank you for that. I did upgrade Malware bytes from the free to the paid version and right after that is actually when the problems started. I had forgotten that but your post brought it back to attention. And you're correct; Malwarebytes found nothing but I've run two other malware scans using other tools. One found two serious instances of malware, the other one is running but it looks like it may have found something too.

    I'm going to uninstall malwarebytes; I'm not sure I can trust my installation of it now. And this has been a good warning to me; I used to be in the habit of backing up business files to an external harddrive, but I had become a bit lazy and not doing that as much as I should so I'm doing that as well.

    I'll keep going with checking the system and backing up files; if anything else should erupt I'll follow up here.
      My Computer


  4. Posts : 3
    Windows x64
    Thread Starter
       #4

    re:


    I guess I've got it fixed, thanks for your help. A different prog found two instances of malware and removed them; I haven't had any issues for the past few days..
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:01.
Find Us